@Info.Policy: We can balance privacy and protection in the United States

By Robert Gellman

May 28, 2003

Robert Gellman

It's been a different world since Sept. 11, 2001. Events have forced constant reconsideration of the balance between privacy and security.

Not all privacy issues require new reviews. Terrorism has not changed people's preference for privacy in the commercial arena. When banks and other information companies argue against privacy in the interest of countering terrorism, they do so because they want to exploit consumer data to make money. Terrorism is a red herring here.

In government, it's a different ball game. America is not alone in re-evaluating privacy and security. In most industrialized countries, security debates have benefited from the participation of national privacy commissioners.

The commissioners haven't won all the battles. Indeed, they have taken more than their share of losses. But they have been there to influence events and to keep the debates honest.

In the United States we have no permanent, independent representation of privacy in government, and we are poorer for it. National privacy commissions in Australia and Canada have contributed to a new exploration of the boundaries between privacy and security.

Out of separate initiatives by the international privacy establishment, four tests have evolved for evaluating any intrusive new security measure:

The measure must be demonstrably necessary to meet a specific need.

The measure must be demonstrably likely to be effective. In other words, it should actually make us significantly safer, not just make us feel safer.

The privacy intrusion must be proportional to the security benefit derived.

It must be demonstrable that no less-intrusive measure could achieve the same purpose.

This is a useful framework for policy analysis. People on both sides need to discuss issues clearly and objectively. We need to identify and weigh the stakes in any decision. GCN readers responsible for IT security can benefit by using these tests to engage policy-makers and folks on the other side.

I have a fifth test to offer: whether a proposed measure is cost-effective. We have moved beyond the 'anything goes' stage of responding to terrorism. Unfortunately, we haven't moved too far beyond that stage, but there is more rationality now.

That's why cost-effectiveness should be considered. We cannot afford every security measure that someone dreams up. There is a limit to the resources we can devote and the disruptions we can tolerate.

One way to assess those limits is to evaluate the costs and benefits of a proposal. This is the same tool that some demand for federal regulations. We need it for security as well.

Privacy and security are not inherently incompatible. Yes, there must be some give and take, but we can strike a fair balance. The five tests above are a good start toward that balance.

Robert Gellman is a Washington privacy and information policy consultant. E-mail him at rgellman@netacc.net.